Malicious subscribers of telecom services may attempt to commit telecom fraud in order to avoid legitimate charges or to make money from other, unsuspecting subscribers. Such telecom fraud may cost telecom service providers significant revenue and reduce the quality of the service provided to subscribers.
One type of telecom fraud is known as subscriber identity module (SIM) box fraud, a result of which is the theft of revenue that telecom service providers derive from international calls. In this case, a malicious subscriber intercepts calls in one country destined for another country into one end of a voice over IP (VoIP) network that bypasses a gateway through which telecom companies meter international calls. The malicious subscriber then has a SIM box connected to the other end of the VoIP network that poses as a cell phone on a telecom network in the other country to route the calls to their destination.
Another type of telecom fraud is known as SIM cloning, and involves the theft of identifying information of a SIM card belonging to a legitimate subscriber in order to fraudulently provide calls on a telecom network at the expense of the legitimate subscriber. A SIM card is a small memory module that contains, among other pieces of information, a unique serial number (ICCID) identifying that SIM card and an international mobile subscriber identity (ISMI) identifying a subscriber. These details are then input in new SIM cards to form SIM clones. A call made from a phone using a cloned SIM card may then be billed to the legitimate subscriber.
Conventional approaches to detecting telecom fraud involve manually analyzing individual subscriber accounts in order to establish fraudulent use of telecom services. For example, a subscriber who notices fraudulent charges on a bill may notify a telecom service provider of the charges. In response, an investigator with the telecom service provider examines calls associated with the charges to determine the type of fraud being perpetrated against the subscriber. The investigator may then study a larger pool of calls made using the telecom services to determine a source of that fraud.